Opening Malicious File Grants Access to Android Devices

A critical vulnerability exists in the Android operating system’s framework that could allow a threat actor to send a malicious PNG image file to an Android device and execute arbitrary code if opened. This is just another example of the steganography technique used to bury malicious code in digital images. Android versions 7.0 and 9.0 are impacted and patches have been released. The NJCCIC recommends patching systems as updates become available. More details on the Android vulnerability and updates can be found in their security bulletinand ZDNet’s blog post.

Reference in this site to any specific commercial product, process, or service, or the use of any trade, firm or corporation name is for the information and convenience of the public, and does not constitute endorsement, recommendation, or favoring by the NJCCIC and the State of New Jersey.